I received a pfx file from one our techs. A pfx file is a cert and key, all in one binary file. He needs me to split it out into the cert and the key, so I can create a new request from that key, and then sign a new cert for him.
(no, I don't know why he can't just create a new request. And I would revoke the old cert, except that I am unsure of the details he used in naming it, so I don't know what to revoke .. So I am stuck trying to see if I can help the guy, by creating a new request from the private key, presuming I can extract the private key ...) Anyways, I found this set of commands Extracting Certificate and Private Key Files from a .pfx File <https://wiki.cac.washington.edu/display/infra/Extracting+Certificate+and+Private+Key+Files+from+a+.pfx+File> https://wiki.cac.washington.edu/display/infra/Extracting+Certificate+and+Private+Key+Files+from+a+.pfx+File 1. Note: the *.pfx file is in PKCS#12 format and includes both the certificate and the private key. 2. Run the following command to export the private key: openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes 3. Run the following command to export the certificate: openssl pkcs12 -in certname.pfx -nokeys -out cert.pem 4. Run the following command to remove the passphrase from the private key: openssl rsa -in key.pem -out server.key But I'm asked for an "Import password" .. $ sudo openssl pkcs12 -in requests/DCTRNPS001_cert.pfx -nocerts -out DCTRNPS001_key.pem -nodes Enter Import Password: And I have no idea what an "import" password is. It's not the password for the private key, so I don't know what it is. Pointers, anyone? -- Mike. Leone, <mailto:tur...@mike-leone.com> PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF Photo Gallery: <http://www.flickr.com/photos/mikeleonephotos> This space reserved for future witticisms ...
